SlideShare une entreprise Scribd logo

Integrating Qualys into the patch and vulnerability management processes

Télécharger en tant que PPTX, PDF
Vladimir Jirasek
Vladimir Jirasek

A short presentation for Qualys Secure London Dec 2011.

Technologie
1  sur  7
INTEGRATING QUALYS INTO THE PATCH AND VULNERABILITY MANAGEMENT PROCESSES Vladimir Jirasek Blog: JirasekOnSecurity.com Bio: About.me/jirasek 10th Nov 2011
About me • Security professional (11 years) • Founding member and steering group member of (Common Assurance Maturity Model) CAMM (common- assurance.com) • Director, CSA UK & Ireland • I love reading books: thrillers (Clive Cussler) and business management (Jo Owen)
I will cover topics today • How Qualys fits into the Security technology stack • Experiences from Qualys implementations • Integration into IT operations processes • Using MSSP
Security technology stack and Qualys • Feed into the SIEM • Metrics from Qualys and Threat enterprise portal intelligence GRC • Pattern matching in Information & Event Configuration Identity, Entitlement, Acce Mgmt compliance Cryptography Data Security • Web application scanning ss Application Security • Browser Check Host Security • Patch assessment • Configuration Network Security compliance Physical Security • SSL Server test
Experiences with Qualys • Easy deployment of non- • Configuration authenticated scanning compliance – manual • Resistance from IT configuration. Start small admins to give and grow controls root/server admin • Limited Oracle credentials compliance scanning • Do not scan through adoption firewalls • Vulnerability reporting – • CMDB usually treat vulnerabilities as inaccurate – using quality issues Qualys map/scan to • Browser check – populate excellent tool but requires user action
MSSP and Qualys • Outsourcing just Qualys to MSSP low value • Tools need to be used by IT Ops • MSSP add value when vulnerability data correlated with information sources • Firewall rules • Routing • Threat intelligence • CMDB – business criticality • IDS data • Anit-malware status
Integration into IT ops processes • Security is a quality aspect • Map security criticality levels to those in Ops change/incident process • Responsibility for patching and correction of non- compliance sits with the asset owner • But the risk management and escalation sits with security team – risk sign-off based on risk level

Recommandé

QualysGuard InfoDay 2012 - QualysGuard Suite 7.0
QualysGuard InfoDay 2012 - QualysGuard Suite 7.0QualysGuard InfoDay 2012 - QualysGuard Suite 7.0
QualysGuard InfoDay 2012 - QualysGuard Suite 7.0Risk Analysis Consultants, s.r.o.
 
VMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQVMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQRichard Common
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine Erin Banks
 
VMware vRealize Network Insight 3.5 - Whats New
VMware vRealize Network Insight 3.5 - Whats NewVMware vRealize Network Insight 3.5 - Whats New
VMware vRealize Network Insight 3.5 - Whats NewVMware
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Iftikhar Ali Iqbal
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
Achieve Compliance with Security by Default and By Design
Achieve Compliance with Security by Default and By DesignAchieve Compliance with Security by Default and By Design
Achieve Compliance with Security by Default and By DesignAmazon Web Services
 
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...Risk Analysis Consultants, s.r.o.
 

Recommandé

QualysGuard InfoDay 2012 - QualysGuard Suite 7.0
QualysGuard InfoDay 2012 - QualysGuard Suite 7.0QualysGuard InfoDay 2012 - QualysGuard Suite 7.0
QualysGuard InfoDay 2012 - QualysGuard Suite 7.0Risk Analysis Consultants, s.r.o.
 
VMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQVMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQRichard Common
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine Erin Banks
 
VMware vRealize Network Insight 3.5 - Whats New
VMware vRealize Network Insight 3.5 - Whats NewVMware vRealize Network Insight 3.5 - Whats New
VMware vRealize Network Insight 3.5 - Whats NewVMware
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Iftikhar Ali Iqbal
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
Achieve Compliance with Security by Default and By Design
Achieve Compliance with Security by Default and By DesignAchieve Compliance with Security by Default and By Design
Achieve Compliance with Security by Default and By DesignAmazon Web Services
 
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...Risk Analysis Consultants, s.r.o.
 
Sem cis ise
Sem cis iseSem cis ise
Sem cis iseLino Quivén
 
Barracuda ng firewall
Barracuda ng firewallBarracuda ng firewall
Barracuda ng firewallKappa Data
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld
 
Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Canada
 
F5 Programmability & Orchestration
F5 Programmability & OrchestrationF5 Programmability & Orchestration
F5 Programmability & OrchestrationMarketingArrowECS_CZ
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
 
RSA For Vblock
RSA For VblockRSA For Vblock
RSA For VblockRobb Boyd
 
Case Study: EVO SDDC Powered Private Cloud
Case Study: EVO SDDC Powered Private CloudCase Study: EVO SDDC Powered Private Cloud
Case Study: EVO SDDC Powered Private CloudVMware
 
TechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseTechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseRobb Boyd
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Canada
 
Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]Symantec
 
Enterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISEEnterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISEFast Lane Consulting and Education, Inc.
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecRobb Boyd
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroGraeme Wood
 
Cloud security introduction
Cloud security introductionCloud security introduction
Cloud security introductionCalvin Lee
 
8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...Nur Shiqim Chok
 
ZyLAB Security and Compliance
ZyLAB Security and ComplianceZyLAB Security and Compliance
ZyLAB Security and ComplianceZyLAB
 
Managed firewall service.
Managed firewall service.Managed firewall service.
Managed firewall service.Mindtree Ltd.
 
From Cisco ACS to ISE
From Cisco ACS to ISE From Cisco ACS to ISE
From Cisco ACS to ISE Mahzad Zahedi
 
4 Best Practices for Patch Management in Education IT
4 Best Practices for Patch Management in Education IT4 Best Practices for Patch Management in Education IT
4 Best Practices for Patch Management in Education ITKaseya
 
Presentación rcen qualys vulnerability management
Presentación rcen qualys vulnerability managementPresentación rcen qualys vulnerability management
Presentación rcen qualys vulnerability managementJuan Francisco Rivas Figueroa
 

Contenu connexe

Tendances

Barracuda ng firewall
Barracuda ng firewallBarracuda ng firewall
Barracuda ng firewallKappa Data
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld
 
Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Canada
 
F5 Programmability & Orchestration
F5 Programmability & OrchestrationF5 Programmability & Orchestration
F5 Programmability & OrchestrationMarketingArrowECS_CZ
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
 
RSA For Vblock
RSA For VblockRSA For Vblock
RSA For VblockRobb Boyd
 
Case Study: EVO SDDC Powered Private Cloud
Case Study: EVO SDDC Powered Private CloudCase Study: EVO SDDC Powered Private Cloud
Case Study: EVO SDDC Powered Private CloudVMware
 
TechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseTechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseRobb Boyd
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Canada
 
Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]Symantec
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecRobb Boyd
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroGraeme Wood
 
Cloud security introduction
Cloud security introductionCloud security introduction
Cloud security introductionCalvin Lee
 
8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...Nur Shiqim Chok
 
ZyLAB Security and Compliance
ZyLAB Security and ComplianceZyLAB Security and Compliance
ZyLAB Security and ComplianceZyLAB
 
Managed firewall service.
Managed firewall service.Managed firewall service.
Managed firewall service.Mindtree Ltd.
 
From Cisco ACS to ISE
From Cisco ACS to ISE From Cisco ACS to ISE
From Cisco ACS to ISE Mahzad Zahedi
 

Tendances (20)

Sem cis ise
Sem cis iseSem cis ise
Sem cis ise
 
Barracuda ng firewall
Barracuda ng firewallBarracuda ng firewall
Barracuda ng firewall
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
 
Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Study: State of Web Security
Cisco Study: State of Web Security
 
F5 Programmability & Orchestration
F5 Programmability & OrchestrationF5 Programmability & Orchestration
F5 Programmability & Orchestration
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)
 
RSA For Vblock
RSA For VblockRSA For Vblock
RSA For Vblock
 
Case Study: EVO SDDC Powered Private Cloud
Case Study: EVO SDDC Powered Private CloudCase Study: EVO SDDC Powered Private Cloud
Case Study: EVO SDDC Powered Private Cloud
 
TechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseTechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network License
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
 
Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]
 
Enterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISEEnterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISE
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSec
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
 
Cloud security introduction
Cloud security introductionCloud security introduction
Cloud security introduction
 
8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
 
ZyLAB Security and Compliance
ZyLAB Security and ComplianceZyLAB Security and Compliance
ZyLAB Security and Compliance
 
Managed firewall service.
Managed firewall service.Managed firewall service.
Managed firewall service.
 
From Cisco ACS to ISE
From Cisco ACS to ISE From Cisco ACS to ISE
From Cisco ACS to ISE
 

En vedette

4 Best Practices for Patch Management in Education IT
4 Best Practices for Patch Management in Education IT4 Best Practices for Patch Management in Education IT
4 Best Practices for Patch Management in Education ITKaseya
 
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...Skoda Minotti
 
Enterprise Security Critical Security Functions version 1.0
Enterprise Security Critical Security Functions version 1.0Enterprise Security Critical Security Functions version 1.0
Enterprise Security Critical Security Functions version 1.0Marc-Andre Heroux
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
Framework for a business process management competency centre
Framework for a business process management competency centreFramework for a business process management competency centre
Framework for a business process management competency centreMartin Moore
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTuan Phan
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
Expert talk strategic building blocks for the digital transformation strategy
Expert talk strategic building blocks for the digital transformation strategyExpert talk strategic building blocks for the digital transformation strategy
Expert talk strategic building blocks for the digital transformation strategyDavid Terrar
 
What's the value proposition in adding automation/orchestration on top of Ser...
What's the value proposition in adding automation/orchestration on top of Ser...What's the value proposition in adding automation/orchestration on top of Ser...
What's the value proposition in adding automation/orchestration on top of Ser...Ayehu Software Technologies Ltd.
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 

En vedette (12)

4 Best Practices for Patch Management in Education IT
4 Best Practices for Patch Management in Education IT4 Best Practices for Patch Management in Education IT
4 Best Practices for Patch Management in Education IT
 
Presentación rcen qualys vulnerability management
Presentación rcen qualys vulnerability managementPresentación rcen qualys vulnerability management
Presentación rcen qualys vulnerability management
 
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...
 
Enterprise Security Critical Security Functions version 1.0
Enterprise Security Critical Security Functions version 1.0Enterprise Security Critical Security Functions version 1.0
Enterprise Security Critical Security Functions version 1.0
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Framework for a business process management competency centre
Framework for a business process management competency centreFramework for a business process management competency centre
Framework for a business process management competency centre
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability Management
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
 
Expert talk strategic building blocks for the digital transformation strategy
Expert talk strategic building blocks for the digital transformation strategyExpert talk strategic building blocks for the digital transformation strategy
Expert talk strategic building blocks for the digital transformation strategy
 
What's the value proposition in adding automation/orchestration on top of Ser...
What's the value proposition in adding automation/orchestration on top of Ser...What's the value proposition in adding automation/orchestration on top of Ser...
What's the value proposition in adding automation/orchestration on top of Ser...
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 

Similaire à Integrating Qualys into the patch and vulnerability management processes

security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloudAjay Rathi
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1OracleIDM
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Crew
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
 
What's new in windows server 2012 and system center 2012 sp1 for hosting and ...
What's new in windows server 2012 and system center 2012 sp1 for hosting and ...What's new in windows server 2012 and system center 2012 sp1 for hosting and ...
What's new in windows server 2012 and system center 2012 sp1 for hosting and ...☁️Carl Nakamura [MSFT]☁️
 
Cloud os and management overview of windows server 2012 and system center 2...
Cloud os and management overview of windows server 2012 and system center 2...Cloud os and management overview of windows server 2012 and system center 2...
Cloud os and management overview of windows server 2012 and system center 2...☁️Carl Nakamura [MSFT]☁️
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudTjylen Veselyj
 
Sådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationSådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationIBM Danmark
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formulaOracleIDM
 
Fishnet Security Overview
Fishnet Security OverviewFishnet Security Overview
Fishnet Security Overviewtbeckwith
 
Retail IT 2013: Data Security & PCI Compliance Briefing
Retail IT 2013: Data Security & PCI Compliance BriefingRetail IT 2013: Data Security & PCI Compliance Briefing
Retail IT 2013: Data Security & PCI Compliance BriefingKaseya
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 
Feb. 28 - 5 Best Practices for Network Discovery & Management in 2013!
Feb. 28 - 5 Best Practices for Network Discovery & Management in 2013!Feb. 28 - 5 Best Practices for Network Discovery & Management in 2013!
Feb. 28 - 5 Best Practices for Network Discovery & Management in 2013!Kaseya
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeDigital Defense Inc
 
Simple cloud security explanation
Simple cloud security explanationSimple cloud security explanation
Simple cloud security explanationindianadvisory
 
Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Amazon Web Services
 
Cyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdfCyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdfNaveenKumar470500
 

Similaire à Integrating Qualys into the patch and vulnerability management processes (20)

security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloud
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the Cloud
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud Security
 
What's new in windows server 2012 and system center 2012 sp1 for hosting and ...
What's new in windows server 2012 and system center 2012 sp1 for hosting and ...What's new in windows server 2012 and system center 2012 sp1 for hosting and ...
What's new in windows server 2012 and system center 2012 sp1 for hosting and ...
 
Cloud os and management overview of windows server 2012 and system center 2...
Cloud os and management overview of windows server 2012 and system center 2...Cloud os and management overview of windows server 2012 and system center 2...
Cloud os and management overview of windows server 2012 and system center 2...
 
Pci Req
Pci ReqPci Req
Pci Req
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the Cloud
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - Intel
 
Sådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationSådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig information
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formula
 
Fishnet Security Overview
Fishnet Security OverviewFishnet Security Overview
Fishnet Security Overview
 
Retail IT 2013: Data Security & PCI Compliance Briefing
Retail IT 2013: Data Security & PCI Compliance BriefingRetail IT 2013: Data Security & PCI Compliance Briefing
Retail IT 2013: Data Security & PCI Compliance Briefing
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
 
Feb. 28 - 5 Best Practices for Network Discovery & Management in 2013!
Feb. 28 - 5 Best Practices for Network Discovery & Management in 2013!Feb. 28 - 5 Best Practices for Network Discovery & Management in 2013!
Feb. 28 - 5 Best Practices for Network Discovery & Management in 2013!
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
 
Simple cloud security explanation
Simple cloud security explanationSimple cloud security explanation
Simple cloud security explanation
 
Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012
 
Cyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdfCyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdf
 
Cyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdfCyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdf
 

Plus de Vladimir Jirasek

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanningVladimir Jirasek
 
Vulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVladimir Jirasek
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud securityVladimir Jirasek
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Vladimir Jirasek
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architectureVladimir Jirasek
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantVladimir Jirasek
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009Vladimir Jirasek
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksVladimir Jirasek
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metricsVladimir Jirasek
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White HatsVladimir Jirasek
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metricsVladimir Jirasek
 
CAMM presentation for Cyber Security Gas and Oil june 2011
CAMM presentation for Cyber Security Gas and Oil june 2011CAMM presentation for Cyber Security Gas and Oil june 2011
CAMM presentation for Cyber Security Gas and Oil june 2011Vladimir Jirasek
 
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekVladimir Jirasek
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityFederation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityVladimir Jirasek
 

Plus de Vladimir Jirasek (17)

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
 
Vulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London Gathering
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud security
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architecture
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metrics
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White Hats
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
 
CAMM presentation for Cyber Security Gas and Oil june 2011
CAMM presentation for Cyber Security Gas and Oil june 2011CAMM presentation for Cyber Security Gas and Oil june 2011
CAMM presentation for Cyber Security Gas and Oil june 2011
 
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityFederation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single Identity
 

Dernier

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Dernier (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Integrating Qualys into the patch and vulnerability management processes

  • 1. INTEGRATING QUALYS INTO THE PATCH AND VULNERABILITY MANAGEMENT PROCESSES Vladimir Jirasek Blog: JirasekOnSecurity.com Bio: About.me/jirasek 10th Nov 2011
  • 2. About me • Security professional (11 years) • Founding member and steering group member of (Common Assurance Maturity Model) CAMM (common- assurance.com) • Director, CSA UK & Ireland • I love reading books: thrillers (Clive Cussler) and business management (Jo Owen)
  • 3. I will cover topics today • How Qualys fits into the Security technology stack • Experiences from Qualys implementations • Integration into IT operations processes • Using MSSP
  • 4. Security technology stack and Qualys • Feed into the SIEM • Metrics from Qualys and Threat enterprise portal intelligence GRC • Pattern matching in Information & Event Configuration Identity, Entitlement, Acce Mgmt compliance Cryptography Data Security • Web application scanning ss Application Security • Browser Check Host Security • Patch assessment • Configuration Network Security compliance Physical Security • SSL Server test
  • 5. Experiences with Qualys • Easy deployment of non- • Configuration authenticated scanning compliance – manual • Resistance from IT configuration. Start small admins to give and grow controls root/server admin • Limited Oracle credentials compliance scanning • Do not scan through adoption firewalls • Vulnerability reporting – • CMDB usually treat vulnerabilities as inaccurate – using quality issues Qualys map/scan to • Browser check – populate excellent tool but requires user action
  • 6. MSSP and Qualys • Outsourcing just Qualys to MSSP low value • Tools need to be used by IT Ops • MSSP add value when vulnerability data correlated with information sources • Firewall rules • Routing • Threat intelligence • CMDB – business criticality • IDS data • Anit-malware status
  • 7. Integration into IT ops processes • Security is a quality aspect • Map security criticality levels to those in Ops change/incident process • Responsibility for patching and correction of non- compliance sits with the asset owner • But the risk management and escalation sits with security team – risk sign-off based on risk level

Notes de l'éditeur

  1. Areas support each other, all feed into SIEM and GRC